Re: Transparent proxy from different networks
Am Montag, den 06.10.2008, 10:05 -0500 schrieb Jason Voorhees:
> Hi all:
> I have a Squid running on 192.168.1.1 listening on 3128 TCP port. Users
> from 192.168.1.0/24 can browse the Internet without problems thanks to a
> REDIRECT rule in my shorewall config.
> But users from differents networks (192.168.2.0/24, 192.168.3.0/24,
> etc.) can't browse the Internet. Those networks are connected to
> 192.168.1.0/24 via a VPN connection.
> My redirect rule in iptables syntax is like this:
> iptables -t nat -A PREROUTING -s 0.0.0.0/24 -i eth2 -p tcp --dport 80 -j
> REDIRECT --to-ports
I think the end of the tunnel from VPN is not the device eth2.
The tunnel ends normaly at a bridge (br#) or a virtual device (like tun#
IMHO you must greate the same redirect-rule for the VPN-device.
> Is there a restriction to work transparent proxy for other networks
> different from 192.168.1.0/24? Do I have to configure squid to listen on
> each range o network addresses?
not sure, but i think thats the way.